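Heap corruption vulnerability in the at program
Published: 2002-01-17
Updated: 2002-01-17
Severity: High
Threat level: Local administrator privileges
Error type: Improper handling of exceptional conditions
Exploitation mode: Server mode
Affected systems: at-
suse 6.4, 7.0, 7.1, 7.2, 7.3
debian 2.2
Detailed description: The 'at' command reads commands from standard input and runs them at a specified time. If the execution time is given in a carefully constructed (but invalid) format, the at command crashes when it calls free(). This corrupts the heap and can allow arbitrary commands to be executed.
Test code: None yet
Solution: Use the following update packages: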
i386 Intel Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/ap1/at-3.1.8-459.i386.rpm
db3d2bd38f81667dcece38d1c4a86725
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/at-3.1.8-459.src.rpm
82701057fc8ea3217800b0ab1e2e544b
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/ap1/at-3.1.8-458.i386.rpm
91b759e6a8d433273c5567ed26735690
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/at-3.1.8-458.src.rpm
3df6d6d708d4ef90515f6f1fbbdea5bf
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/a1/at-3.1.8-458.i386.rpm
73eb22d5c958c17e264fd31ec339b763
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/at-3.1.8-458.src.rpm
1303a1328f31313a62f5645f7cb476ef
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/at-3.1.8-459.i386.rpm
3179e64f87371d7864d1956ceb9bd020
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/at-3.1.8-459.src.rpm
67efafe83908ac53fc54acac9a0f056b
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/at-3.1.8-458.i386.rpm
aaffed7c302b9ec42885087296c6f0a1
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/at-3.1.8-458.src.rpm
374cf4374fbe1e66ab2e685aa0449034
Sparc Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/ap1/at-3.1.8-356.sparc.rpm
ec76d45245ef917e22f5f1a863a89988
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/at-3.1.8-356.src.rpm
40de9490a06bd294ad6a7f90e682c0cd
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/a1/at-3.1.8-356.sparc.rpm
27f575762c0b1643008968a167324347
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/at-3.1.8-356.src.rpm
66546dc729e071039595a13d01feacfb
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/at-3.1.8-357.sparc.rpm
98007292769f55e4239b6922157bfa13
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/at-3.1.8-357.src.rpm
2d20cdbb10680282596677aac3106f30
AXP Alpha Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/a1/at-3.1.8-360.alpha.rpm
df71ebf25a2252637ee1421d08779b8d
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/at-3.1.8-360.src.rpm
b8b3a4f80e0d19e0211131ca58c1e0fe
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/a1/at-3.1.8-361.alpha.rpm
0bc21b9ddc12746a17592fa74473bbf6
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/at-3.1.8-361.src.rpm
4d93aa10b426224936e3de357540ea49
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/at-3.1.8-361.alpha.rpm
aeb76c2eb37f7e442c49c7ba3c5e44a5
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/at-3.1.8-361.src.rpm
6d783c34eb0b855a96736e58d67bc053
PPC Power PC Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/ap1/at-3.1.8-363.ppc.rpm
111bd6e813ef33265035b21d19776b49
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/at-3.1.8-363.src.rpm
fa2ee9aca5b73009b1d9c90731265a19
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/a1/at-3.1.8-362.ppc.rpm
868a1662f751823432d3d881edd371cd
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/at-3.1.8-362.src.rpm
d759233bfc2ce230e1c46d2ec0f15a73
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/at-3.1.8-362.ppc.rpm
7b12fe4b5f31434eb7cf3c0caae75811
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/at-3.1.8-362.src.rpm
4c6e2724bb76e08be66831ed85c60f85
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/at-3.1.8-362.ppc.rpm
7ebc9a1fde97f5ac8226b9e17621a40b
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/at-3.1.8-362.src.rpm
fa3c5e08703eb54b4f493de56ec837bb
Debian GNU/Linux 2.2 alias potato
------------------------------------
Source archives:
http://security.debian.org/dists/stable/updates/main/source/at_3.1.8-10.1.dsc
MD5 checksum: 5050a81922314ee1a01582e62ffdb00f
http://security.debian.org/dists/stable/updates/main/source/at_3.1.8-10.1.diff.gz
MD5 checksum: 9fec73d790aa854411bf02ae49888224
http://security.debian.org/dists/stable/updates/main/source/at_3.1.8.orig.tar.gz
MD5 checksum: 1e83522666118b3eab4cb8e345e6da5a
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/at_3.1.8-10.1_alpha.deb
MD5 checksum: 9520a63861b8264d6811996b9b2f878d
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/at_3.1.8-10.1_arm.deb
MD5 checksum: a9b005d56ca131cceb6625ccb1d03ee5
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/at_3.1.8-10.1_i386.deb
MD5 checksum: 8af8ea462718b6bee748b2a809834d2e
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/at_3.1.8-10.1_m68k.deb
MD5 checksum: b836db6d112d9c29f0f8c12b13511f3e
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/at_3.1.8-10.1_powerpc.deb
MD5 checksum: 21a24bfe018ee300ecb30a6d851f201b
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/at_3.1.8-10.1_sparc.deb
MD5 checksum: 032d0e4f32b903e26ddb0939499841c6
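Added example, not part of the advisory: a shell helper that pairs each package URL in a listing like the one above with the checksum on the following line (bare hash in the SuSE layout, "MD5 checksum: ..." in the Debian layout) and checks already-downloaded files against it. The function names, the mirror.example URLs and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory). Helper names are hypothetical.

# parse_listing FILE: print "md5  filename" for every URL line that is
# directly followed by a checksum line (bare hash or "MD5 checksum: <hash>").
parse_listing() {
    awk '
        /^[ \t]*(ftp|http):\/\// { n = split($0, p, "/"); name = p[n]; next }
        name != "" {
            h = $0
            sub(/^[ \t]*(MD5 checksum:[ \t]*)?/, "", h)
            gsub(/[ \t\r]+$/, "", h)
            if (length(h) == 32 && h ~ /^[0-9a-f]+$/) print h "  " name
            name = ""   # a URL with no hash right after it is never paired
        }' "$1"
}

# verify_packages LISTING DIR: check the files present in DIR against LISTING.
# Returns 0 if every present file matches, 1 on a mismatch, 2 if none was found.
verify_packages() {
    tmp=$(mktemp) || return 2
    parse_listing "$1" > "$tmp"
    checked=0 bad=0
    while read -r want name; do
        [ -f "$2/$name" ] || continue      # packages for other platforms
        checked=$((checked + 1))
        got=$(md5sum "$2/$name" | cut -d" " -f1)
        if [ "$got" = "$want" ]; then echo "OK       $name"
        else echo "MISMATCH $name"; bad=1; fi
    done < "$tmp"
    rm -f "$tmp"
    [ "$checked" -gt 0 ] || return 2
    return "$bad"
}

# Constructed demo: a stand-in file and a listing in both layouts.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed package body\n' > "$d/at-sample.i386.rpm"
    sum=$(md5sum "$d/at-sample.i386.rpm" | cut -d" " -f1)
    printf '%s\n' "ftp://mirror.example/update/at-sample.i386.rpm" "$sum" \
        "http://mirror.example/at_sample_i386.deb" \
        "MD5 checksum: 00000000000000000000000000000000" > "$d/listing.txt"
    verify_packages "$d/listing.txt" "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

A matching MD5 shows the download is intact, but MD5 is not collision-resistant, so also check the package signature with the distribution's own tooling (for example `rpm --checksig`).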